Vulnerability CVE-2019-12662


Published: 2019-09-25

Description:
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Type:
CWE-347 (Improper Verification of Cryptographic Signature)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Cisco -> Nexus 3172tq-32t firmware 
Cisco -> Nexus 3548 firmware 
Cisco -> Nexus 7700 10-slot firmware 
Cisco -> IOS XE
Cisco -> Nexus 3172tq-xl firmware 
Cisco -> Nexus 5548p firmware 
Cisco -> Nexus 7700 18-slot firmware 
Cisco -> Nexus 3016 firmware 
Cisco -> Nexus 3172tq firmware 
Cisco -> Nexus 5548up firmware 
Cisco -> Nexus 7700 2-slot firmware 
Cisco -> Nexus 3048 firmware 
Cisco -> Nexus 3232c firmware 
Cisco -> Nexus 5596t firmware 
Cisco -> Nexus 7700 6-slot firmware 
Cisco -> Nexus 3064-t firmware 
Cisco -> Nexus 3264c-e firmware 
Cisco -> Nexus 5596up firmware 
Cisco -> NX-OS
Cisco -> Nexus 3064 firmware 
Cisco -> Nexus 3264q firmware 
Cisco -> Nexus 56128p firmware 
Cisco -> Nexus 31108pc-v firmware 
Cisco -> Nexus 3408-s firmware 
Cisco -> Nexus 5624q firmware 
Cisco -> Nexus 31108tc-v firmware 
Cisco -> Nexus 34180yc firmware 
Cisco -> Nexus 5648q firmware 
Cisco -> Nexus 31128pq firmware 
Cisco -> Nexus 34200yc-sm firmware 
Cisco -> Nexus 5672up firmware 
Cisco -> Nexus 3132c-z firmware 
Cisco -> Nexus 3432d-s firmware 
Cisco -> Nexus 5696q firmware 
Cisco -> Nexus 3132q-v firmware 
Cisco -> Nexus 3464c firmware 
Cisco -> Nexus 6001 firmware 
Cisco -> Nexus 3132q-xl firmware 
Cisco -> Nexus 3524-x firmware 
Cisco -> Nexus 6004 firmware 
Cisco -> Nexus 3132q firmware 
Cisco -> Nexus 3524-xl firmware 
Cisco -> Nexus 7000 10-slot firmware 
Cisco -> Nexus 3164q firmware 
Cisco -> Nexus 3524 firmware 
Cisco -> Nexus 7000 18-slot firmware 
Cisco -> Nexus 3172 firmware 
Cisco -> Nexus 3548-x firmware 
Cisco -> Nexus 7000 4-slot firmware 
Cisco -> Nexus 3172pq-xl firmware 
Cisco -> Nexus 3548-xl firmware 
Cisco -> Nexus 7000 9-slot firmware 

References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman

Copyright 2024, cxsecurity.com
